CVE-2022-38651: An attacker can exploit a security filter misconfiguration in VMware Hyperic Server 5.8.6 to bypass authentication requirements.
Currently, the only supported version of the Hyperic Server is 5.8.5. The previous version, 5.8.4, is no longer updated. You should upgrade to the latest version.

This vulnerability has been assigned a Common Vulnerability Scoring System (CVSS) version 3.0 score. CVSS is a standards-based scoring method that helps determine the severity of security vulnerabilities. There are two types of CVSS:

1. Base metrics that measure the risk of a given vulnerability. These metrics are grouped into five sub-scores:
   - CVSS v2.0 Base Metrics - (CONVERTED) Confidential Data Exposure
   - CVSS v3.0 Base Metrics - (CONVERTED) Authentication Required
   - CVSS v3.0 Base Metrics - (CONVERTED) Access via Privilege Escalation
   - CVSS v3.0 Base Metrics - (CONVERTED) Access via Authentication
   NOTE: CVSS v2.0 and v3.0 are the most commonly used metrics.
2. Risk assessment of how likely it is that a specific scenario will occur. This likelihood is given a score from 0 to 100, with 0 being low and 100 being high.
CVSS v2.0 Base Metrics
- CVSS v2.0 Base Metrics - (CONVERTED) Confidential Data Exposure
This vulnerability has been assigned a Base Metric of CONFIDENTIAL DATA EXPOSURE (3).
Exploitation of this vulnerability enables a malicious party to bypass authentication requirements for creating new users, managing users, and assigning roles. This could enable a malicious party to perform covert activities on the Hyperic Server, such as stealing data from confidential reports or the Web UI of the Hyperic Server.
Timeline
Published on: 11/12/2022 05:15:00 UTC
Last modified on: 11/16/2022 23:19:00 UTC